From e655588c58d0f5f549fc4ba755305d84e4a4495d Mon Sep 17 00:00:00 2001
From: tb
Date: Sat, 31 Aug 2024 10:49:35 +0000
Subject: [PATCH] Expose X509_get_signature_info
To compensate for all the removals, a single, small, constructive piece of this bump: expose X509_get_signature_info() so that libssl's security level API can handle RSA-PSS certificates correctly.
ok beck jsing
---
 lib/libcrypto/Symbols.list | 1 +
 lib/libcrypto/x509/x509.h | 4 +---
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/lib/libcrypto/Symbols.list b/lib/libcrypto/Symbols.list
index 44540e3cfb4..8459316be18 100644
--- a/lib/libcrypto/Symbols.list
+++ b/lib/libcrypto/Symbols.list
@@ -2733,6 +2733,7 @@ X509_get_key_usage
 X509_get_pubkey
 X509_get_pubkey_parameters
 X509_get_serialNumber
+X509_get_signature_info
 X509_get_signature_nid
 X509_get_signature_type
 X509_get_subject_name
diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h
index 81c2111d02f..d919881f867 100644
--- a/lib/libcrypto/x509/x509.h
+++ b/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.118 2024/08/31 10:46:40 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.119 2024/08/31 10:49:35 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -603,13 +603,11 @@ X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
 int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
-#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
 /* Flags returned by X509_get_signature_info(): valid and suitable for TLS. */
 #define X509_SIG_INFO_VALID 1
 #define X509_SIG_INFO_TLS 2
 int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, uint32_t *flags);
-#endif
 void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x);
-- 
2.20.1
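Review bot: The `X509_get_signature_info()` prototype that the x509.h hunk at line 603 makes public has no comment stating its return convention or whether `mdnid`, `pknid`, `secbits` and `flags` may be NULL; the only documentation is the flags comment above the two defines. The commit message says libssl's security level handling will rely on it, so a caller that skips the return check could act on an unset `*secbits`. I would add above the prototype something like `/* Returns 1 if the signature info is valid, 0 otherwise; outputs are only meaningful on success. */`, worded to match the implementation, which is not part of this patch. Now that the `LIBRESSL_INTERNAL`/`LIBRESSL_NEXT_API` guard is gone, every consumer of the header also sees `uint32_t`, so it is worth confirming that x509.h pulls in `<stdint.h>` (its include block is outside the hunk).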